xref: /titanic_41/usr/src/uts/common/io/ath/ath_main.c (revision 0b6016e6ff70af39f99c9cc28e0c2207c8f5413c)
1 /*
2  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2002-2004 Sam Leffler, Errno Consulting
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  * notice, this list of conditions and the following disclaimer,
15  * without modification.
16  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17  * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
18  * redistribution must be conditioned upon including a substantially
19  * similar Disclaimer requirement for further binary redistribution.
20  * 3. Neither the names of the above-listed copyright holders nor the names
21  * of any contributors may be used to endorse or promote products derived
22  * from this software without specific prior written permission.
23  *
24  * NO WARRANTY
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
28  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
29  * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
30  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
33  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
35  * THE POSSIBILITY OF SUCH DAMAGES.
36  *
37  */
38 
39 #pragma ident	"%Z%%M%	%I%	%E% SMI"
40 
41 /*
42  * Driver for the Atheros Wireless LAN controller.
43  *
44  * The Atheros driver can be devided into 2 parts: H/W related(we called LLD:
45  * Low Level Driver) and IEEE80211 protocol related(we called IEEE80211),
46  * and each part has several sub modules.
47  * The following is the high level structure of ath driver.
48  * (The arrows between modules indicate function call direction.)
49  *
50  *
51  *                     ^                                |
52  *                     |                                | GLD thread
53  *                     |                                V
54  *             ==================  =========================================
55  *             |[1]             |  |[2]                                    |
56  *             |                |  |    GLD Callback functions registered  |
57  *             |   IEEE80211    |  =========================       by      |
58  *             |                |          |               |   IEEE80211   |
59  *             |   Internal     |          V               |               |
60  * =========   |                |========================  |               |
61  * |[3]    |   |   Functions                            |  |               |
62  * |       |   |                                        |  |               |
63  * |Multi- |   ==========================================  =================
64  * |       |       ^           |                |                  |
65  * |Func   |       |           V                V                  V
66  * |       |   ======================   ------------------------------------
67  * |Thread |   |[4]                 |   |[5]                               |
68  * |       |-->| Functions exported |   |   IEEE80211 Callback functions   |
69  * |       |   |    by IEEE80211    |   |      registered by LLD           |
70  * =========   ======================   ------------------------------------
71  *                       ^                                |
72  *                       |                                V
73  *             -------------------------------------------------------------
74  *             |[6]                                                        |
75  *             |                LLD Internal functions                     |
76  *             |                                                           |
77  *             -------------------------------------------------------------
78  *                                        ^
79  *                                        | Software interrupt thread
80  *                                        |
81  *
82  * Modules 1/2/3/4 constitute part IEEE80211, and modules 5/6 constitute LLD.
83  * The short description of each module is as below:
84  *      Module 1: IEEE80211 Internal functions, including ieee80211 state
85  *                machine, convert functions between 802.3 frame and
86  *                802.11 frame, and node maintain function, etc.
87  *      Module 2: GLD callback functions, which are intercepting the calls from
88  *                GLD to LLD, and adding IEEE80211's mutex protection.
89  *      Module 3: Multi-func thread, which is responsible for scan timing,
90  *                rate control timing and calibrate timing.
91  *      Module 4: Functions exported by IEEE80211, which can be called from
92  *                other modules.
93  *      Module 5: IEEE80211 callback functions registered by LLD, which include
94  *                GLD related callbacks and some other functions needed by
95  *                IEEE80211.
96  *      Module 6: LLD Internal functions, which are responsible for allocing
97  *                descriptor/buffer, handling interrupt and other H/W
98  *                operations.
99  *
100  * All functions are running in 3 types of thread:
101  * 1. GLD callbacks threads, such as ioctl, intr, etc.
102  * 2. Multi-Func thread in IEEE80211 which is responsible for scan,
103  *    rate control and calibrate.
104  * 3. Software Interrupt thread originated in LLD.
105  *
106  * The lock strategy is as below:
107  * There have 4 queues for tx, each queue has one asc_txqlock[i] to
108  *      prevent conflicts access to queue resource from different thread.
109  *
110  * All the transmit buffers are contained in asc_txbuf which are
111  *      protected by asc_txbuflock.
112  *
113  * Each receive buffers are contained in asc_rxbuf which are protected
114  *      by asc_rxbuflock.
115  *
116  * In ath struct, asc_genlock is a general lock, protecting most other
117  *      operational data in ath_softc struct and HAL accesses.
118  *      It is acquired by the interupt handler and most "mode-ctrl" routines.
119  *
120  * In ieee80211com struct, isc_genlock is a general lock to protect
121  *      necessary data and functions in ieee80211_com struct. Some data in
122  *      ieee802.11_com don't need protection. For example, isc_dev is writen
123  *      only in ath_attach(), but read in many other functions, so protection
124  *      is not necessary.
125  *
126  * Any of the locks can be acquired singly, but where multiple
127  * locks are acquired, they *must* be in the order:
128  *
129  *    isc_genlock >> asc_genlock >> asc_txqlock[i] >>
130  *        asc_txbuflock >> asc_rxbuflock
131  *
132  * Note:
133  * 1. All the IEEE80211 callback functions(except isc_gld_intr)
134  *    registered by LLD in module [5] are protected by isc_genlock before
135  *    calling from IEEE80211.
136  * 2. Module [4] have 3 important functions ieee80211_input(),
137  *    ieee80211_new_state() and _ieee80211_new_state().
138  *    The functions in module [6] should avoid holding mutex or other locks
139  *    during the call to ieee80211_input().
140  *    In particular, the soft interrupt thread that calls ieee80211_input()
141  *    may in some cases carry out processing that includes sending an outgoing
142  *    packet, resulting in a call to the driver's ath_mgmt_send() routine.
143  *    If the ath_mgmt_send() routine were to try to acquire a mutex being held
144  *    by soft interrupt thread at the time it calls ieee80211_input(),
145  *    this could result in a panic due to recursive mutex entry.
146  *    ieee80211_new_state() and _ieee80211_new_state() are almost the same
147  *    except that the latter function asserts isc_genlock is owned in its entry.
148  *    so ieee80211_new_state() is only called by ath_bmiss_handler()
149  *    from soft interrupt handler thread.
150  *    As the same reason to ieee80211_input, we can't hold any other mutex.
151  * 3. *None* of these locks may be held across calls out to the
152  *    GLD routines gld_recv() in ieee80211_input().
153  *
154  */
155 
156 #include <sys/param.h>
157 #include <sys/types.h>
158 #include <sys/signal.h>
159 #include <sys/stream.h>
160 #include <sys/termio.h>
161 #include <sys/errno.h>
162 #include <sys/file.h>
163 #include <sys/cmn_err.h>
164 #include <sys/stropts.h>
165 #include <sys/strsubr.h>
166 #include <sys/strtty.h>
167 #include <sys/kbio.h>
168 #include <sys/cred.h>
169 #include <sys/stat.h>
170 #include <sys/consdev.h>
171 #include <sys/kmem.h>
172 #include <sys/modctl.h>
173 #include <sys/ddi.h>
174 #include <sys/sunddi.h>
175 #include <sys/pci.h>
176 #include <sys/errno.h>
177 #include <sys/gld.h>
178 #include <sys/dlpi.h>
179 #include <sys/ethernet.h>
180 #include <sys/list.h>
181 #include <sys/byteorder.h>
182 #include <sys/strsun.h>
183 #include <sys/policy.h>
184 #include <inet/common.h>
185 #include <inet/nd.h>
186 #include <inet/mi.h>
187 #include <inet/wifi_ioctl.h>
188 #include "ath_hal.h"
189 #include "ath_impl.h"
190 #include "ath_aux.h"
191 #include "ath_rate.h"
192 
193 extern void ath_halfix_init(void);
194 extern void ath_halfix_finit(void);
195 extern int32_t ath_getset(ath_t *asc, mblk_t *mp, uint32_t cmd);
196 
197 /*
198  * PIO access attributes for registers
199  */
200 static ddi_device_acc_attr_t ath_reg_accattr = {
201 	DDI_DEVICE_ATTR_V0,
202 	DDI_STRUCTURE_LE_ACC,
203 	DDI_STRICTORDER_ACC
204 };
205 
206 /*
207  * DMA access attributes for descriptors: NOT to be byte swapped.
208  */
209 static ddi_device_acc_attr_t ath_desc_accattr = {
210 	DDI_DEVICE_ATTR_V0,
211 	DDI_STRUCTURE_LE_ACC,
212 	DDI_STRICTORDER_ACC
213 };
214 
215 /*
216  * Describes the chip's DMA engine
217  */
218 static ddi_dma_attr_t dma_attr = {
219 	DMA_ATTR_V0,			/* dma_attr version */
220 	0x0000000000000000ull,		/* dma_attr_addr_lo */
221 	0xFFFFFFFFFFFFFFFFull,		/* dma_attr_addr_hi */
222 	0x00000000FFFFFFFFull,		/* dma_attr_count_max */
223 	0x0000000000000001ull,		/* dma_attr_align */
224 	0x00000FFF,			/* dma_attr_burstsizes */
225 	0x00000001,			/* dma_attr_minxfer */
226 	0x000000000000FFFFull,		/* dma_attr_maxxfer */
227 	0xFFFFFFFFFFFFFFFFull,		/* dma_attr_seg */
228 	1,				/* dma_attr_sgllen */
229 	0x00000001,			/* dma_attr_granular */
230 	0				/* dma_attr_flags */
231 };
232 
233 static uint8_t ath_broadcast_addr[] = {
234 	0xff, 0xff, 0xff, 0xff, 0xff, 0xff
235 };
236 
237 static kmutex_t ath_loglock;
238 static void *ath_soft_state_p = NULL;
239 
240 /*
241  * Available debug flags:
242  * ATH_DBG_INIT, ATH_DBG_GLD, ATH_DBG_HAL, ATH_DBG_INT, ATH_DBG_ATTACH,
243  * ATH_DBG_DETACH, ATH_DBG_AUX, ATH_DBG_WIFICFG, ATH_DBG_OSDEP
244  */
245 uint32_t ath_dbg_flags = 0;
246 
247 /*
248  * Exception/warning cases not leading to panic.
249  */
250 void
251 ath_problem(const int8_t *fmt, ...)
252 {
253 	va_list args;
254 
255 	mutex_enter(&ath_loglock);
256 
257 	va_start(args, fmt);
258 	vcmn_err(CE_WARN, fmt, args);
259 	va_end(args);
260 
261 	mutex_exit(&ath_loglock);
262 }
263 
264 /*
265  * Normal log information independent of debug.
266  */
267 void
268 ath_log(const int8_t *fmt, ...)
269 {
270 	va_list args;
271 
272 	mutex_enter(&ath_loglock);
273 
274 	va_start(args, fmt);
275 	vcmn_err(CE_CONT, fmt, args);
276 	va_end(args);
277 
278 	mutex_exit(&ath_loglock);
279 }
280 
281 void
282 ath_dbg(uint32_t dbg_flags, const int8_t *fmt, ...)
283 {
284 	va_list args;
285 
286 	if (dbg_flags & ath_dbg_flags) {
287 		mutex_enter(&ath_loglock);
288 		va_start(args, fmt);
289 		vcmn_err(CE_CONT, fmt, args);
290 		va_end(args);
291 		mutex_exit(&ath_loglock);
292 	}
293 }
294 
295 void
296 ath_setup_desc(ath_t *asc, struct ath_buf *bf)
297 {
298 	struct ath_desc *ds;
299 
300 	ds = bf->bf_desc;
301 	ds->ds_link = bf->bf_daddr;
302 	ds->ds_data = bf->bf_dma.cookie.dmac_address;
303 	ATH_HAL_SETUPRXDESC(asc->asc_ah, ds,
304 	    bf->bf_dma.alength,		/* buffer size */
305 	    0);
306 
307 	if (asc->asc_rxlink != NULL)
308 		*asc->asc_rxlink = bf->bf_daddr;
309 	asc->asc_rxlink = &ds->ds_link;
310 }
311 
312 
313 /*
314  * Allocate an area of memory and a DMA handle for accessing it
315  */
316 static int
317 ath_alloc_dma_mem(dev_info_t *devinfo, size_t memsize,
318 	ddi_device_acc_attr_t *attr_p, uint_t alloc_flags,
319 	uint_t bind_flags, dma_area_t *dma_p)
320 {
321 	int err;
322 
323 	/*
324 	 * Allocate handle
325 	 */
326 	err = ddi_dma_alloc_handle(devinfo, &dma_attr,
327 		DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl);
328 	if (err != DDI_SUCCESS)
329 		return (DDI_FAILURE);
330 
331 	/*
332 	 * Allocate memory
333 	 */
334 	err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, attr_p,
335 	    alloc_flags, DDI_DMA_SLEEP, NULL, &dma_p->mem_va,
336 	    &dma_p->alength, &dma_p->acc_hdl);
337 	if (err != DDI_SUCCESS)
338 		return (DDI_FAILURE);
339 
340 	/*
341 	 * Bind the two together
342 	 */
343 	err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL,
344 		dma_p->mem_va, dma_p->alength, bind_flags,
345 		DDI_DMA_SLEEP, NULL, &dma_p->cookie, &dma_p->ncookies);
346 	if (err != DDI_DMA_MAPPED)
347 		return (DDI_FAILURE);
348 
349 	dma_p->nslots = ~0U;
350 	dma_p->size = ~0U;
351 	dma_p->token = ~0U;
352 	dma_p->offset = 0;
353 	return (DDI_SUCCESS);
354 }
355 
356 /*
357  * Free one allocated area of DMAable memory
358  */
359 static void
360 ath_free_dma_mem(dma_area_t *dma_p)
361 {
362 	if (dma_p->dma_hdl != NULL) {
363 		(void) ddi_dma_unbind_handle(dma_p->dma_hdl);
364 		if (dma_p->acc_hdl != NULL) {
365 			ddi_dma_mem_free(&dma_p->acc_hdl);
366 			dma_p->acc_hdl = NULL;
367 		}
368 		ddi_dma_free_handle(&dma_p->dma_hdl);
369 		dma_p->ncookies = 0;
370 		dma_p->dma_hdl = NULL;
371 	}
372 }
373 
374 
375 static int
376 ath_desc_alloc(dev_info_t *devinfo, ath_t *asc)
377 {
378 	int i, err;
379 	size_t size;
380 	struct ath_desc *ds;
381 	struct ath_buf *bf;
382 
383 	size = sizeof (struct ath_desc) * (ATH_TXBUF + ATH_RXBUF);
384 
385 	err = ath_alloc_dma_mem(devinfo, size, &ath_desc_accattr,
386 	    DDI_DMA_CONSISTENT, DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
387 	    &asc->asc_desc_dma);
388 
389 	/* virtual address of the first descriptor */
390 	asc->asc_desc = (struct ath_desc *)asc->asc_desc_dma.mem_va;
391 
392 	ds = asc->asc_desc;
393 	ATH_DEBUG((ATH_DBG_INIT, "ath: ath_desc_alloc(): DMA map: "
394 	    "%p (%d) -> %p\n",
395 	    asc->asc_desc, asc->asc_desc_dma.alength,
396 	    asc->asc_desc_dma.cookie.dmac_address));
397 
398 	/* allocate data structures to describe TX/RX DMA buffers */
399 	asc->asc_vbuflen = sizeof (struct ath_buf) * (ATH_TXBUF + ATH_RXBUF);
400 	bf = (struct ath_buf *)kmem_zalloc(asc->asc_vbuflen, KM_SLEEP);
401 	asc->asc_vbufptr = bf;
402 
403 	/* DMA buffer size for each TX/RX packet */
404 	asc->asc_dmabuf_size = roundup(1000 + sizeof (struct ieee80211_frame) +
405 	    IEEE80211_MTU + IEEE80211_CRC_LEN +
406 	    (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN +
407 	    IEEE80211_WEP_CRCLEN), asc->asc_cachelsz);
408 
409 	/* create RX buffer list and allocate DMA memory */
410 	list_create(&asc->asc_rxbuf_list, sizeof (struct ath_buf),
411 	    offsetof(struct ath_buf, bf_node));
412 	for (i = 0; i < ATH_RXBUF; i++, bf++, ds++) {
413 		bf->bf_desc = ds;
414 		bf->bf_daddr = asc->asc_desc_dma.cookie.dmac_address +
415 		    ((caddr_t)ds - (caddr_t)asc->asc_desc);
416 		list_insert_tail(&asc->asc_rxbuf_list, bf);
417 
418 		/* alloc DMA memory */
419 		err = ath_alloc_dma_mem(devinfo, asc->asc_dmabuf_size,
420 		    &ath_desc_accattr,
421 		    DDI_DMA_STREAMING, DDI_DMA_READ | DDI_DMA_STREAMING,
422 		    &bf->bf_dma);
423 		if (err != DDI_SUCCESS)
424 			return (err);
425 	}
426 
427 	/* create TX buffer list and allocate DMA memory */
428 	list_create(&asc->asc_txbuf_list, sizeof (struct ath_buf),
429 	    offsetof(struct ath_buf, bf_node));
430 	for (i = 0; i < ATH_TXBUF; i++, bf++, ds++) {
431 		bf->bf_desc = ds;
432 		bf->bf_daddr = asc->asc_desc_dma.cookie.dmac_address +
433 		    ((caddr_t)ds - (caddr_t)asc->asc_desc);
434 		list_insert_tail(&asc->asc_txbuf_list, bf);
435 
436 		/* alloc DMA memory */
437 		err = ath_alloc_dma_mem(devinfo, size, &ath_desc_accattr,
438 		    DDI_DMA_STREAMING, DDI_DMA_STREAMING, &bf->bf_dma);
439 		if (err != DDI_SUCCESS)
440 			return (err);
441 	}
442 
443 	return (DDI_SUCCESS);
444 }
445 
446 static void
447 ath_desc_free(ath_t *asc)
448 {
449 	struct ath_buf *bf;
450 
451 	/* Free TX DMA buffer */
452 	bf = list_head(&asc->asc_txbuf_list);
453 	while (bf != NULL) {
454 		ath_free_dma_mem(&bf->bf_dma);
455 		list_remove(&asc->asc_txbuf_list, bf);
456 		bf = list_head(&asc->asc_txbuf_list);
457 	}
458 	list_destroy(&asc->asc_txbuf_list);
459 
460 	/* Free RX DMA uffer */
461 	bf = list_head(&asc->asc_rxbuf_list);
462 	while (bf != NULL) {
463 		ath_free_dma_mem(&bf->bf_dma);
464 		list_remove(&asc->asc_rxbuf_list, bf);
465 		bf = list_head(&asc->asc_rxbuf_list);
466 	}
467 	list_destroy(&asc->asc_rxbuf_list);
468 
469 	/* Free descriptor DMA buffer */
470 	ath_free_dma_mem(&asc->asc_desc_dma);
471 
472 	kmem_free((void *)asc->asc_vbufptr, asc->asc_vbuflen);
473 	asc->asc_vbufptr = NULL;
474 }
475 
476 static void
477 ath_printrxbuf(struct ath_buf *bf, int32_t done)
478 {
479 	struct ath_desc *ds = bf->bf_desc;
480 
481 	ATH_DEBUG((ATH_DBG_RECV, "ath: R (%p %p) %08x %08x %08x "
482 	    "%08x %08x %08x %c\n",
483 	    ds, bf->bf_daddr,
484 	    ds->ds_link, ds->ds_data,
485 	    ds->ds_ctl0, ds->ds_ctl1,
486 	    ds->ds_hw[0], ds->ds_hw[1],
487 	    !done ? ' ' : (ds->ds_rxstat.rs_status == 0) ? '*' : '!'));
488 }
489 
490 static void
491 ath_rx_handler(ath_t *asc)
492 {
493 	ieee80211com_t *isc = (ieee80211com_t *)asc;
494 	struct ath_buf *bf;
495 	struct ath_hal *ah = asc->asc_ah;
496 	struct ath_desc *ds;
497 	mblk_t *rx_mp;
498 	struct ieee80211_frame *wh, whbuf;
499 	int32_t len, loop = 1;
500 	uint8_t phyerr;
501 	HAL_STATUS status;
502 	HAL_NODE_STATS hal_node_stats;
503 
504 	do {
505 		mutex_enter(&asc->asc_rxbuflock);
506 		bf = list_head(&asc->asc_rxbuf_list);
507 		if (bf == NULL) {
508 			ATH_DEBUG((ATH_DBG_RECV, "ath: ath_rx_handler(): "
509 			    "no buffer\n"));
510 			mutex_exit(&asc->asc_rxbuflock);
511 			break;
512 		}
513 		ASSERT(bf->bf_dma.cookie.dmac_address != NULL);
514 		ds = bf->bf_desc;
515 		if (ds->ds_link == bf->bf_daddr) {
516 			/*
517 			 * Never process the self-linked entry at the end,
518 			 * this may be met at heavy load.
519 			 */
520 			mutex_exit(&asc->asc_rxbuflock);
521 			break;
522 		}
523 
524 		status = ATH_HAL_RXPROCDESC(ah, ds,
525 		    bf->bf_daddr,
526 		    ATH_PA2DESC(asc, ds->ds_link));
527 		if (status == HAL_EINPROGRESS) {
528 			mutex_exit(&asc->asc_rxbuflock);
529 			break;
530 		}
531 		list_remove(&asc->asc_rxbuf_list, bf);
532 		mutex_exit(&asc->asc_rxbuflock);
533 
534 		if (ds->ds_rxstat.rs_status != 0) {
535 			if (ds->ds_rxstat.rs_status & HAL_RXERR_CRC)
536 				asc->asc_stats.ast_rx_crcerr++;
537 			if (ds->ds_rxstat.rs_status & HAL_RXERR_FIFO)
538 				asc->asc_stats.ast_rx_fifoerr++;
539 			if (ds->ds_rxstat.rs_status & HAL_RXERR_DECRYPT)
540 				asc->asc_stats.ast_rx_badcrypt++;
541 			if (ds->ds_rxstat.rs_status & HAL_RXERR_PHY) {
542 				asc->asc_stats.ast_rx_phyerr++;
543 				phyerr = ds->ds_rxstat.rs_phyerr & 0x1f;
544 				asc->asc_stats.ast_rx_phy[phyerr]++;
545 			}
546 			goto rx_next;
547 		}
548 		len = ds->ds_rxstat.rs_datalen;
549 
550 		/* less than sizeof(struct ieee80211_frame) */
551 		if (len < 20) {
552 			asc->asc_stats.ast_rx_tooshort++;
553 			goto rx_next;
554 		}
555 
556 		if ((rx_mp = allocb(asc->asc_dmabuf_size, BPRI_MED)) == NULL) {
557 			ath_problem("ath: ath_rx_handler(): "
558 			    "allocing mblk buffer failed.\n");
559 			return;
560 		}
561 
562 		ATH_DMA_SYNC(bf->bf_dma, DDI_DMA_SYNC_FORCPU);
563 		bcopy(bf->bf_dma.mem_va, rx_mp->b_rptr, len);
564 
565 		rx_mp->b_wptr += len;
566 		wh = (struct ieee80211_frame *)rx_mp->b_rptr;
567 		if ((wh->ifrm_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
568 		    IEEE80211_FC0_TYPE_CTL) {
569 			/*
570 			 * Ignore control frame received in promisc mode.
571 			 */
572 			freemsg(rx_mp);
573 			goto rx_next;
574 		}
575 		/* Remove the CRC at the end of IEEE80211 frame */
576 		rx_mp->b_wptr -= IEEE80211_CRC_LEN;
577 		if (wh->ifrm_fc[1] & IEEE80211_FC1_WEP) {
578 			/*
579 			 * WEP is decrypted by hardware. Clear WEP bit
580 			 * and trim WEP header for ieee80211_input().
581 			 */
582 			wh->ifrm_fc[1] &= ~IEEE80211_FC1_WEP;
583 			bcopy(wh, &whbuf, sizeof (whbuf));
584 			/*
585 			 * Remove WEP related fields between
586 			 * header and payload.
587 			 */
588 			rx_mp->b_rptr += IEEE80211_WEP_IVLEN +
589 			    IEEE80211_WEP_KIDLEN;
590 			bcopy(&whbuf, rx_mp->b_rptr, sizeof (whbuf));
591 			/*
592 			 * Remove WEP CRC from the tail.
593 			 */
594 			rx_mp->b_wptr -= IEEE80211_WEP_CRCLEN;
595 		}
596 #ifdef DEBUG
597 		ath_printrxbuf(bf, status == HAL_OK);
598 #endif /* DEBUG */
599 		ieee80211_input(isc, rx_mp,
600 		    ds->ds_rxstat.rs_rssi,
601 		    ds->ds_rxstat.rs_tstamp,
602 		    ds->ds_rxstat.rs_antenna);
603 rx_next:
604 		mutex_enter(&asc->asc_rxbuflock);
605 		list_insert_tail(&asc->asc_rxbuf_list, bf);
606 		mutex_exit(&asc->asc_rxbuflock);
607 		ath_setup_desc(asc, bf);
608 	} while (loop);
609 
610 	/* rx signal state monitoring */
611 	ATH_HAL_RXMONITOR(ah, &hal_node_stats);
612 	ATH_HAL_RXENA(ah);	/* in case of RXEOL */
613 }
614 
615 static void
616 ath_printtxbuf(struct ath_buf *bf, int done)
617 {
618 	struct ath_desc *ds = bf->bf_desc;
619 
620 	ATH_DEBUG((ATH_DBG_SEND, "ath: T(%p %p) %08x %08x %08x %08x %08x"
621 	    " %08x %08x %08x %c\n",
622 	    ds, bf->bf_daddr,
623 	    ds->ds_link, ds->ds_data,
624 	    ds->ds_ctl0, ds->ds_ctl1,
625 	    ds->ds_hw[0], ds->ds_hw[1], ds->ds_hw[2], ds->ds_hw[3],
626 	    !done ? ' ' : (ds->ds_txstat.ts_status == 0) ? '*' : '!'));
627 }
628 
629 /*
630  * The input parameter mp has following assumption:
631  * the first mblk is for ieee80211 header, and there has enough space left
632  * for WEP option at the end of this mblk.
633  * The continue mblks are for payload.
634  */
635 static int32_t
636 ath_xmit(ath_t *asc, struct ieee80211_node *in,
637     struct ath_buf *bf, mblk_t *mp, mblk_t *mp_header)
638 {
639 	ieee80211com_t *isc = (ieee80211com_t *)asc;
640 	struct ieee80211_frame *wh;
641 	struct ath_hal *ah = asc->asc_ah;
642 	uint32_t subtype, flags, ctsduration, antenna;
643 	int32_t keyix, iswep, hdrlen, pktlen, mblen, mbslen, try0;
644 	uint8_t rix, cix, txrate, ctsrate, *tmp_ptr;
645 	struct ath_desc *ds;
646 	struct ath_txq *txq;
647 	HAL_PKT_TYPE atype;
648 	const HAL_RATE_TABLE *rt;
649 	HAL_BOOL shortPreamble;
650 	mblk_t *mp0;
651 	struct ath_node *an;
652 
653 	/*
654 	 * CRC are added by H/W, not encaped by driver,
655 	 * but we must count it in pkt length.
656 	 */
657 	pktlen = IEEE80211_CRC_LEN;
658 
659 	wh = (struct ieee80211_frame *)mp_header->b_rptr;
660 	iswep = wh->ifrm_fc[1] & IEEE80211_FC1_WEP;
661 	keyix = HAL_TXKEYIX_INVALID;
662 	hdrlen = sizeof (struct ieee80211_frame);
663 	if (iswep) {
664 		hdrlen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
665 		pktlen += IEEE80211_WEP_CRCLEN;
666 		keyix = isc->isc_wep_txkey;
667 	}
668 	tmp_ptr = (uint8_t *)bf->bf_dma.mem_va;
669 
670 	/* Copy 80211 header from mblk to DMA txbuf */
671 	mblen = mp_header->b_wptr - mp_header->b_rptr;
672 	bcopy(mp_header->b_rptr, tmp_ptr, mblen);
673 	tmp_ptr += mblen;
674 	pktlen += mblen;
675 	mbslen = mblen;
676 
677 	/*
678 	 * If mp==NULL, then it's a management frame,
679 	 * else it's a data frame.
680 	 */
681 	if (mp != NULL) {
682 		/*
683 		 * Copy the first mblk to DMA txbuf
684 		 * (this mblk includes ether header).
685 		 */
686 		mblen = mp->b_wptr - mp->b_rptr - sizeof (struct ether_header);
687 		bcopy(mp->b_rptr + sizeof (struct ether_header),
688 			tmp_ptr, mblen);
689 		tmp_ptr += mblen;
690 		pktlen += mblen;
691 		mbslen += mblen;
692 
693 		/* Copy subsequent mblks to DMA txbuf */
694 		for (mp0 = mp->b_cont; mp0 != NULL; mp0 = mp0->b_cont) {
695 			mblen = mp0->b_wptr - mp0->b_rptr;
696 			bcopy(mp0->b_rptr, tmp_ptr, mblen);
697 			tmp_ptr += mblen;
698 			pktlen += mblen;
699 			mbslen += mblen;
700 		}
701 	}
702 
703 	bf->bf_in = in;
704 
705 	/* setup descriptors */
706 	ds = bf->bf_desc;
707 	rt = asc->asc_currates;
708 
709 	/*
710 	 * The 802.11 layer marks whether or not we should
711 	 * use short preamble based on the current mode and
712 	 * negotiated parameters.
713 	 */
714 	if ((isc->isc_flags & IEEE80211_F_SHPREAMBLE) &&
715 	    (in->in_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) {
716 		shortPreamble = AH_TRUE;
717 		asc->asc_stats.ast_tx_shortpre++;
718 	} else {
719 		shortPreamble = AH_FALSE;
720 	}
721 
722 	an = ATH_NODE(in);
723 
724 	/*
725 	 * Calculate Atheros packet type from IEEE80211 packet header
726 	 * and setup for rate calculations.
727 	 */
728 	switch (wh->ifrm_fc[0] & IEEE80211_FC0_TYPE_MASK) {
729 	case IEEE80211_FC0_TYPE_MGT:
730 		subtype = wh->ifrm_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
731 		if (subtype == IEEE80211_FC0_SUBTYPE_BEACON)
732 			atype = HAL_PKT_TYPE_BEACON;
733 		else if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
734 			atype = HAL_PKT_TYPE_PROBE_RESP;
735 		else if (subtype == IEEE80211_FC0_SUBTYPE_ATIM)
736 			atype = HAL_PKT_TYPE_ATIM;
737 		else
738 			atype = HAL_PKT_TYPE_NORMAL;
739 		rix = 0;	/* lowest rate */
740 		try0 = ATH_TXMAXTRY;
741 		if (shortPreamble)
742 			txrate = an->an_tx_mgtratesp;
743 		else
744 			txrate = an->an_tx_mgtrate;
745 		/* force all ctl frames to highest queue */
746 		txq = asc->asc_ac2q[WME_AC_VO];
747 		break;
748 	case IEEE80211_FC0_TYPE_CTL:
749 		atype = HAL_PKT_TYPE_PSPOLL;
750 		subtype = wh->ifrm_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
751 		rix = 0;	/* lowest rate */
752 		try0 = ATH_TXMAXTRY;
753 		if (shortPreamble)
754 			txrate = an->an_tx_mgtratesp;
755 		else
756 			txrate = an->an_tx_mgtrate;
757 		/* force all ctl frames to highest queue */
758 		txq = asc->asc_ac2q[WME_AC_VO];
759 		break;
760 	case IEEE80211_FC0_TYPE_DATA:
761 		atype = HAL_PKT_TYPE_NORMAL;
762 		rix = an->an_tx_rix0;
763 		try0 = an->an_tx_try0;
764 		if (shortPreamble)
765 			txrate = an->an_tx_rate0sp;
766 		else
767 			txrate = an->an_tx_rate0;
768 		/* Always use background queue */
769 		txq = asc->asc_ac2q[WME_AC_BK];
770 		break;
771 	default:
772 		/* Unknown 802.11 frame */
773 		asc->asc_stats.ast_tx_invalid++;
774 		return (1);
775 	}
776 	/*
777 	 * Calculate miscellaneous flags.
778 	 */
779 	flags = HAL_TXDESC_CLRDMASK;
780 	if (IEEE80211_IS_MULTICAST(wh->ifrm_addr1)) {
781 		flags |= HAL_TXDESC_NOACK;	/* no ack on broad/multicast */
782 		asc->asc_stats.ast_tx_noack++;
783 	} else if (pktlen > isc->isc_rtsthreshold) {
784 		flags |= HAL_TXDESC_RTSENA;	/* RTS based on frame length */
785 		asc->asc_stats.ast_tx_rts++;
786 	}
787 
788 	/*
789 	 * Calculate duration.  This logically belongs in the 802.11
790 	 * layer but it lacks sufficient information to calculate it.
791 	 */
792 	if ((flags & HAL_TXDESC_NOACK) == 0 &&
793 	    (wh->ifrm_fc[0] & IEEE80211_FC0_TYPE_MASK) !=
794 	    IEEE80211_FC0_TYPE_CTL) {
795 		uint16_t dur;
796 		dur = ath_hal_computetxtime(ah, rt, IEEE80211_ACK_SIZE,
797 		    rix, shortPreamble);
798 		*(uint16_t *)wh->ifrm_dur = LE_16(dur);
799 	}
800 
801 	/*
802 	 * Calculate RTS/CTS rate and duration if needed.
803 	 */
804 	ctsduration = 0;
805 	if (flags & (HAL_TXDESC_RTSENA|HAL_TXDESC_CTSENA)) {
806 		/*
807 		 * CTS transmit rate is derived from the transmit rate
808 		 * by looking in the h/w rate table.  We must also factor
809 		 * in whether or not a short preamble is to be used.
810 		 */
811 		cix = rt->info[rix].controlRate;
812 		ctsrate = rt->info[cix].rateCode;
813 		if (shortPreamble)
814 			ctsrate |= rt->info[cix].shortPreamble;
815 		/*
816 		 * Compute the transmit duration based on the size
817 		 * of an ACK frame.  We call into the HAL to do the
818 		 * computation since it depends on the characteristics
819 		 * of the actual PHY being used.
820 		 */
821 		if (flags & HAL_TXDESC_RTSENA) {	/* SIFS + CTS */
822 			ctsduration += ath_hal_computetxtime(ah,
823 			    rt, IEEE80211_ACK_SIZE, cix, shortPreamble);
824 		}
825 		/* SIFS + data */
826 		ctsduration += ath_hal_computetxtime(ah,
827 		    rt, pktlen, rix, shortPreamble);
828 		if ((flags & HAL_TXDESC_NOACK) == 0) {	/* SIFS + ACK */
829 			ctsduration += ath_hal_computetxtime(ah,
830 			    rt, IEEE80211_ACK_SIZE, cix, shortPreamble);
831 		}
832 	} else
833 		ctsrate = 0;
834 
835 	/*
836 	 * For now use the antenna on which the last good
837 	 * frame was received on.  We assume this field is
838 	 * initialized to 0 which gives us ``auto'' or the
839 	 * ``default'' antenna.
840 	 */
841 	if (an->an_tx_antenna)
842 		antenna = an->an_tx_antenna;
843 	else
844 		antenna = in->in_recv_hist[in->in_hist_cur].irh_rantenna;
845 
846 	if (++txq->axq_intrcnt >= ATH_TXINTR_PERIOD) {
847 		flags |= HAL_TXDESC_INTREQ;
848 		txq->axq_intrcnt = 0;
849 	}
850 
851 	/*
852 	 * Formulate first tx descriptor with tx controls.
853 	 */
854 	ATH_HAL_SETUPTXDESC(ah, ds,
855 	    pktlen,			/* packet length */
856 	    hdrlen,			/* header length */
857 	    atype,			/* Atheros packet type */
858 	    MIN(in->in_txpower, 60),	/* txpower */
859 	    txrate, try0,		/* series 0 rate/tries */
860 	    keyix,
861 	    antenna,			/* antenna mode */
862 	    flags,			/* flags */
863 	    ctsrate,			/* rts/cts rate */
864 	    ctsduration);		/* rts/cts duration */
865 
866 	ATH_DEBUG((ATH_DBG_SEND, "ath: ath_xmit(): to %s totlen=%d "
867 	    "an->an_tx_rate1sp=%d tx_rate2sp=%d tx_rate3sp=%d "
868 	    "qnum=%d rix=%d sht=%d dur = %d\n",
869 	    ieee80211_ether_sprintf(wh->ifrm_addr1), mbslen, an->an_tx_rate1sp,
870 	    an->an_tx_rate2sp, an->an_tx_rate3sp,
871 	    txq->axq_qnum, rix, shortPreamble, *(uint16_t *)wh->ifrm_dur));
872 
873 	/*
874 	 * Setup the multi-rate retry state only when we're
875 	 * going to use it.  This assumes ath_hal_setuptxdesc
876 	 * initializes the descriptors (so we don't have to)
877 	 * when the hardware supports multi-rate retry and
878 	 * we don't use it.
879 	 */
880 	if (try0 != ATH_TXMAXTRY)
881 		ATH_HAL_SETUPXTXDESC(ah, ds,
882 		    an->an_tx_rate1sp, 2,	/* series 1 */
883 		    an->an_tx_rate2sp, 2,	/* series 2 */
884 		    an->an_tx_rate3sp, 2);	/* series 3 */
885 
886 	ds->ds_link = 0;
887 	ds->ds_data = bf->bf_dma.cookie.dmac_address;
888 	ATH_HAL_FILLTXDESC(ah, ds,
889 	    mbslen,		/* segment length */
890 	    AH_TRUE,		/* first segment */
891 	    AH_TRUE,		/* last segment */
892 	    ds);		/* first descriptor */
893 
894 	ATH_DMA_SYNC(bf->bf_dma, DDI_DMA_SYNC_FORDEV);
895 
896 	mutex_enter(&txq->axq_lock);
897 	list_insert_tail(&txq->axq_list, bf);
898 	if (txq->axq_link == NULL) {
899 		ATH_HAL_PUTTXBUF(ah, txq->axq_qnum, bf->bf_daddr);
900 	} else {
901 		*txq->axq_link = bf->bf_daddr;
902 	}
903 	txq->axq_link = &ds->ds_link;
904 	mutex_exit(&txq->axq_lock);
905 
906 	ATH_HAL_TXSTART(ah, txq->axq_qnum);
907 
908 	return (0);
909 }
910 
911 
912 static int
913 ath_gld_send(gld_mac_info_t *gld_p, mblk_t *mp)
914 {
915 	int err;
916 	ath_t *asc = ATH_STATE(gld_p);
917 	ieee80211com_t *isc = (ieee80211com_t *)asc;
918 	struct ieee80211_node *in;
919 	mblk_t *mp_header;
920 	struct ath_buf *bf = NULL;
921 
922 	/*
923 	 * No data frames go out unless we're associated; this
924 	 * should not happen as the 802.11 layer does not enable
925 	 * the xmit queue until we enter the RUN state.
926 	 */
927 	if (isc->isc_state != IEEE80211_S_RUN) {
928 		ATH_DEBUG((ATH_DBG_SEND, "ath: ath_gld_send(): "
929 		    "discard, state %u\n", isc->isc_state));
930 		asc->asc_stats.ast_tx_discard++;
931 		return (GLD_NOLINK);
932 	}
933 
934 	/*
935 	 * Only supports STA mode
936 	 */
937 	if (isc->isc_opmode != IEEE80211_M_STA)
938 		return (GLD_NOLINK);
939 
940 	/*
941 	 * Locate AP information, so we can fill MAC address.
942 	 */
943 	in = isc->isc_bss;
944 	in->in_inact = 0;
945 
946 	/*
947 	 * Grab a TX buffer.
948 	 */
949 	mutex_enter(&asc->asc_txbuflock);
950 	bf = list_head(&asc->asc_txbuf_list);
951 
952 	if (bf != NULL)
953 		list_remove(&asc->asc_txbuf_list, bf);
954 	mutex_exit(&asc->asc_txbuflock);
955 
956 	if (bf == NULL) {
957 		ATH_DEBUG((ATH_DBG_SEND, "ath: ath_gld_send(): "
958 		    "no TX DMA buffer available: 100 times\n"));
959 		asc->asc_stats.ast_tx_nobuf++;
960 
961 		mutex_enter(&asc->asc_gld_sched_lock);
962 		asc->asc_need_gld_sched = 1;
963 		mutex_exit(&asc->asc_gld_sched_lock);
964 		return (GLD_NORESOURCES);
965 	}
966 
967 	mp_header = ieee80211_fill_header(isc, mp, isc->isc_wep_txkey, in);
968 	if (mp_header == NULL) {
969 		/* Push back the TX buf */
970 		mutex_enter(&asc->asc_txbuflock);
971 		list_insert_tail(&asc->asc_txbuf_list, bf);
972 		mutex_exit(&asc->asc_txbuflock);
973 		return (GLD_FAILURE);
974 	}
975 
976 	err = ath_xmit(asc, in, bf, mp, mp_header);
977 	freemsg(mp_header);
978 
979 	if (!err) {
980 		freemsg(mp);
981 		return (GLD_SUCCESS);
982 	} else {
983 		return (GLD_FAILURE);
984 	}
985 }
986 
987 static void
988 ath_tx_processq(ath_t *asc, struct ath_txq *txq)
989 {
990 	ieee80211com_t *isc = (ieee80211com_t *)asc;
991 	struct ath_hal *ah = asc->asc_ah;
992 	struct ath_buf *bf;
993 	struct ath_desc *ds;
994 	struct ieee80211_node *in;
995 	int32_t sr, lr;
996 	HAL_STATUS status;
997 	struct ath_node *an;
998 
999 	for (;;) {
1000 		mutex_enter(&txq->axq_lock);
1001 		bf = list_head(&txq->axq_list);
1002 		if (bf == NULL) {
1003 			txq->axq_link = NULL;
1004 			mutex_exit(&txq->axq_lock);
1005 			break;
1006 		}
1007 		ds = bf->bf_desc;	/* last decriptor */
1008 		status = ATH_HAL_TXPROCDESC(ah, ds);
1009 #ifdef DEBUG
1010 		ath_printtxbuf(bf, status == HAL_OK);
1011 #endif
1012 		if (status == HAL_EINPROGRESS) {
1013 			mutex_exit(&txq->axq_lock);
1014 			break;
1015 		}
1016 		list_remove(&txq->axq_list, bf);
1017 		mutex_exit(&txq->axq_lock);
1018 		in = bf->bf_in;
1019 		if (in != NULL) {
1020 			an = ATH_NODE(in);
1021 			/* Successful transmition */
1022 			if (ds->ds_txstat.ts_status == 0) {
1023 				an->an_tx_ok++;
1024 				an->an_tx_antenna =
1025 				    ds->ds_txstat.ts_antenna;
1026 				if (ds->ds_txstat.ts_rate &
1027 				    HAL_TXSTAT_ALTRATE)
1028 					asc->asc_stats.ast_tx_altrate++;
1029 				asc->asc_stats.ast_tx_rssidelta =
1030 				    ds->ds_txstat.ts_rssi -
1031 				    asc->asc_stats.ast_tx_rssi;
1032 				asc->asc_stats.ast_tx_rssi =
1033 				    ds->ds_txstat.ts_rssi;
1034 			} else {
1035 				an->an_tx_err++;
1036 				if (ds->ds_txstat.ts_status &
1037 				    HAL_TXERR_XRETRY)
1038 					asc->asc_stats.
1039 					    ast_tx_xretries++;
1040 				if (ds->ds_txstat.ts_status &
1041 				    HAL_TXERR_FIFO)
1042 					asc->asc_stats.ast_tx_fifoerr++;
1043 				if (ds->ds_txstat.ts_status &
1044 				    HAL_TXERR_FILT)
1045 					asc->asc_stats.
1046 					    ast_tx_filtered++;
1047 				an->an_tx_antenna = 0;	/* invalidate */
1048 			}
1049 			sr = ds->ds_txstat.ts_shortretry;
1050 			lr = ds->ds_txstat.ts_longretry;
1051 			asc->asc_stats.ast_tx_shortretry += sr;
1052 			asc->asc_stats.ast_tx_longretry += lr;
1053 			an->an_tx_retr += sr + lr;
1054 		}
1055 		bf->bf_in = NULL;
1056 		mutex_enter(&asc->asc_txbuflock);
1057 		list_insert_tail(&asc->asc_txbuf_list, bf);
1058 		mutex_exit(&asc->asc_txbuflock);
1059 		mutex_enter(&asc->asc_gld_sched_lock);
1060 		/*
1061 		 * Reschedule stalled outbound packets
1062 		 */
1063 		if (asc->asc_need_gld_sched) {
1064 			asc->asc_need_gld_sched = 0;
1065 			gld_sched(isc->isc_dev);
1066 		}
1067 		mutex_exit(&asc->asc_gld_sched_lock);
1068 	}
1069 }
1070 
1071 
1072 static void
1073 ath_tx_handler(ath_t *asc)
1074 {
1075 	int i;
1076 
1077 	/*
1078 	 * Process each active queue.
1079 	 */
1080 	for (i = 0; i < HAL_NUM_TX_QUEUES; i++) {
1081 		if (ATH_TXQ_SETUP(asc, i)) {
1082 			ath_tx_processq(asc, &asc->asc_txq[i]);
1083 		}
1084 	}
1085 }
1086 
1087 static struct ieee80211_node *
1088 ath_node_alloc(ieee80211com_t *isc)
1089 {
1090 	struct ath_node *an;
1091 	ath_t *asc = (ath_t *)isc;
1092 
1093 	an = kmem_zalloc(sizeof (struct ath_node), KM_SLEEP);
1094 	ath_rate_update(asc, &an->an_node, 0);
1095 	return (&an->an_node);
1096 }
1097 
1098 static void
1099 ath_node_free(ieee80211com_t *isc, struct ieee80211_node *in)
1100 {
1101 	ath_t *asc = (ath_t *)isc;
1102 	struct ath_buf *bf;
1103 	struct ath_txq *txq;
1104 	int32_t i;
1105 
1106 	for (i = 0; i < HAL_NUM_TX_QUEUES; i++) {
1107 		if (ATH_TXQ_SETUP(asc, i)) {
1108 			txq = &asc->asc_txq[i];
1109 			mutex_enter(&txq->axq_lock);
1110 			bf = list_head(&txq->axq_list);
1111 			while (bf != NULL) {
1112 				if (bf->bf_in == in) {
1113 					bf->bf_in = NULL;
1114 				}
1115 				bf = list_next(&txq->axq_list, bf);
1116 			}
1117 			mutex_exit(&txq->axq_lock);
1118 		}
1119 	}
1120 	kmem_free(in, sizeof (struct ath_node));
1121 }
1122 
1123 static void
1124 ath_node_copy(struct ieee80211_node *dst, const struct ieee80211_node *src)
1125 {
1126 	bcopy(src, dst, sizeof (struct ieee80211_node));
1127 }
1128 
1129 /*
1130  * Transmit a management frame.  On failure we reclaim the skbuff.
1131  * Note that management frames come directly from the 802.11 layer
1132  * and do not honor the send queue flow control.  Need to investigate
1133  * using priority queueing so management frames can bypass data.
1134  */
1135 static int32_t
1136 ath_mgmt_send(ieee80211com_t *isc, mblk_t *mp)
1137 {
1138 	ath_t *asc = (ath_t *)isc;
1139 	struct ath_hal *ah = asc->asc_ah;
1140 	struct ieee80211_node *in;
1141 	struct ath_buf *bf = NULL;
1142 	struct ieee80211_frame *wh;
1143 	int32_t error = 0;
1144 
1145 	/* Grab a TX buffer */
1146 	mutex_enter(&asc->asc_txbuflock);
1147 	bf = list_head(&asc->asc_txbuf_list);
1148 	if (bf != NULL)
1149 		list_remove(&asc->asc_txbuf_list, bf);
1150 	if (list_empty(&asc->asc_txbuf_list)) {
1151 		ATH_DEBUG((ATH_DBG_SEND, "ath: ath_mgmt_send(): "
1152 		    "stop queue\n"));
1153 		asc->asc_stats.ast_tx_qstop++;
1154 	}
1155 	mutex_exit(&asc->asc_txbuflock);
1156 	if (bf == NULL) {
1157 		ATH_DEBUG((ATH_DBG_SEND, "ath: ath_mgmt_send(): discard, "
1158 		    "no xmit buf\n"));
1159 		asc->asc_stats.ast_tx_nobufmgt++;
1160 		goto bad;
1161 	}
1162 	wh = (struct ieee80211_frame *)mp->b_rptr;
1163 	if ((wh->ifrm_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
1164 	    IEEE80211_FC0_SUBTYPE_PROBE_RESP) {
1165 		/* fill time stamp */
1166 		uint64_t tsf;
1167 		uint32_t *tstamp;
1168 
1169 		tsf = ATH_HAL_GETTSF64(ah);
1170 		/* adjust 100us delay to xmit */
1171 		tsf += 100;
1172 		tstamp = (uint32_t *)&wh[1];
1173 		tstamp[0] = LE_32(tsf & 0xffffffff);
1174 		tstamp[1] = LE_32(tsf >> 32);
1175 	}
1176 	/*
1177 	 * Locate node state.  When operating
1178 	 * in station mode we always use ic_bss.
1179 	 */
1180 	if (isc->isc_opmode != IEEE80211_M_STA) {
1181 		in = ieee80211_find_node(isc, wh->ifrm_addr1);
1182 		if (in == NULL)
1183 			in = isc->isc_bss;
1184 	} else
1185 		in = isc->isc_bss;
1186 
1187 	error = ath_xmit(asc, in, bf, NULL, mp);
1188 	if (error == 0) {
1189 		asc->asc_stats.ast_tx_mgmt++;
1190 		freemsg(mp);
1191 		return (0);
1192 	}
1193 bad:
1194 	if (bf != NULL) {
1195 		mutex_enter(&asc->asc_txbuflock);
1196 		list_insert_tail(&asc->asc_txbuf_list, bf);
1197 		mutex_exit(&asc->asc_txbuflock);
1198 	}
1199 	freemsg(mp);
1200 	return (error);
1201 }
1202 
1203 static int32_t
1204 ath_new_state(ieee80211com_t *isc, enum ieee80211_state nstate)
1205 {
1206 	ath_t *asc = (ath_t *)isc;
1207 	struct ath_hal *ah = asc->asc_ah;
1208 	struct ieee80211_node *in;
1209 	int32_t i, error;
1210 	uint8_t *bssid;
1211 	uint32_t rfilt;
1212 	enum ieee80211_state ostate;
1213 
1214 	static const HAL_LED_STATE leds[] = {
1215 	    HAL_LED_INIT,	/* IEEE80211_S_INIT */
1216 	    HAL_LED_SCAN,	/* IEEE80211_S_SCAN */
1217 	    HAL_LED_AUTH,	/* IEEE80211_S_AUTH */
1218 	    HAL_LED_ASSOC, 	/* IEEE80211_S_ASSOC */
1219 	    HAL_LED_RUN, 	/* IEEE80211_S_RUN */
1220 	};
1221 	if (asc->asc_invalid == 1)
1222 		return (0);
1223 
1224 	ostate = isc->isc_state;
1225 
1226 	ATH_HAL_SETLEDSTATE(ah, leds[nstate]);	/* set LED */
1227 
1228 	if (nstate == IEEE80211_S_INIT) {
1229 		asc->asc_imask &= ~(HAL_INT_SWBA | HAL_INT_BMISS);
1230 		ATH_HAL_INTRSET(ah, asc->asc_imask);
1231 		error = 0;			/* cheat + use error return */
1232 		goto bad;
1233 	}
1234 	in = isc->isc_bss;
1235 	error = ath_chan_set(asc, in->in_chan);
1236 	if (error != 0)
1237 		goto bad;
1238 
1239 	rfilt = ath_calcrxfilter(asc);
1240 	if (nstate == IEEE80211_S_SCAN)
1241 		bssid = isc->isc_macaddr;
1242 	else
1243 		bssid = in->in_bssid;
1244 	ATH_HAL_SETRXFILTER(ah, rfilt);
1245 
1246 	if (nstate == IEEE80211_S_RUN && isc->isc_opmode != IEEE80211_M_IBSS)
1247 		ATH_HAL_SETASSOCID(ah, bssid, in->in_associd);
1248 	else
1249 		ATH_HAL_SETASSOCID(ah, bssid, 0);
1250 	if (isc->isc_flags & IEEE80211_F_WEPON) {
1251 		for (i = 0; i < IEEE80211_WEP_NKID; i++) {
1252 			if (ATH_HAL_KEYISVALID(ah, i))
1253 				ATH_HAL_KEYSETMAC(ah, i, bssid);
1254 		}
1255 	}
1256 
1257 	if ((nstate == IEEE80211_S_RUN) &&
1258 	    (ostate != IEEE80211_S_RUN)) {
1259 		/* Configure the beacon and sleep timers. */
1260 		ath_beacon_config(asc);
1261 	} else {
1262 		asc->asc_imask &= ~(HAL_INT_SWBA | HAL_INT_BMISS);
1263 		ATH_HAL_INTRSET(ah, asc->asc_imask);
1264 	}
1265 	/*
1266 	 * Reset the rate control state.
1267 	 */
1268 	ath_rate_ctl_reset(asc, nstate);
1269 
1270 	if (nstate == IEEE80211_S_RUN) {
1271 		nvlist_t *attr_list = NULL;
1272 		sysevent_id_t eid;
1273 		int32_t err = 0;
1274 		char *str_name = "ATH";
1275 		char str_value[256] = {0};
1276 
1277 		ATH_DEBUG((ATH_DBG_80211, "ath: ath new state(RUN): "
1278 		    "ic_flags=0x%08x iv=%d"
1279 		    " bssid=%s capinfo=0x%04x chan=%d\n",
1280 		    isc->isc_flags,
1281 		    in->in_intval,
1282 		    ieee80211_ether_sprintf(in->in_bssid),
1283 		    in->in_capinfo,
1284 		    ieee80211_chan2ieee(isc, in->in_chan)));
1285 
1286 		(void) sprintf(str_value, "%s%s%d", "-i ",
1287 		    ddi_driver_name(asc->asc_dev),
1288 		    ddi_get_instance(asc->asc_dev));
1289 		if (nvlist_alloc(&attr_list,
1290 		    NV_UNIQUE_NAME_TYPE, KM_SLEEP) == 0) {
1291 			err = nvlist_add_string(attr_list,
1292 			    str_name, str_value);
1293 			if (err != DDI_SUCCESS)
1294 				ATH_DEBUG((ATH_DBG_80211, "ath: "
1295 				    "ath_new_state: error log event\n"));
1296 			err = ddi_log_sysevent(asc->asc_dev,
1297 			    DDI_VENDOR_SUNW, "class",
1298 			    "subclass", attr_list,
1299 			    &eid, DDI_NOSLEEP);
1300 			if (err != DDI_SUCCESS)
1301 				ATH_DEBUG((ATH_DBG_80211, "ath: "
1302 				    "ath_new_state(): error log event\n"));
1303 			nvlist_free(attr_list);
1304 		}
1305 	}
1306 
1307 	return (0);
1308 bad:
1309 	return (error);
1310 }
1311 
1312 /*
1313  * Periodically recalibrate the PHY to account
1314  * for temperature/environment changes.
1315  */
1316 static void
1317 ath_calibrate(ieee80211com_t *isc)
1318 {
1319 	ath_t *asc = (ath_t *)isc;
1320 	struct ath_hal *ah = asc->asc_ah;
1321 	struct ieee80211channel *ch;
1322 	HAL_CHANNEL hchan;
1323 
1324 	asc->asc_stats.ast_per_cal++;
1325 
1326 	/*
1327 	 * Convert to a HAL channel description with the flags
1328 	 * constrained to reflect the current operating mode.
1329 	 */
1330 	ch = isc->isc_ibss_chan;
1331 	hchan.channel = ch->ich_freq;
1332 	hchan.channelFlags = ath_chan2flags(isc, ch);
1333 
1334 	if (ATH_HAL_GETRFGAIN(ah) == HAL_RFGAIN_NEED_CHANGE) {
1335 		/*
1336 		 * Rfgain is out of bounds, reset the chip
1337 		 * to load new gain values.
1338 		 */
1339 		ATH_DEBUG((ATH_DBG_HAL, "ath: ath_calibrate(): "
1340 		    "Need change RFgain\n"));
1341 		asc->asc_stats.ast_per_rfgain++;
1342 		ath_reset(asc);
1343 	}
1344 	if (!ATH_HAL_CALIBRATE(ah, &hchan)) {
1345 		ATH_DEBUG((ATH_DBG_HAL, "ath: ath_calibrate(): "
1346 		    "calibration of channel %u failed\n",
1347 		    ch->ich_freq));
1348 		asc->asc_stats.ast_per_calfail++;
1349 	}
1350 }
1351 
1352 static uint_t
1353 ath_gld_intr(gld_mac_info_t *gld_p)
1354 {
1355 	ath_t *asc = ATH_STATE(gld_p);
1356 	struct ath_hal *ah = asc->asc_ah;
1357 	HAL_INT status;
1358 	enum ieee80211_state isc_state;
1359 	ieee80211com_t *isc = (ieee80211com_t *)asc;
1360 
1361 	mutex_enter(&asc->asc_genlock);
1362 
1363 	if (!ATH_HAL_INTRPEND(ah)) {	/* shared irq, not for us */
1364 		mutex_exit(&asc->asc_genlock);
1365 		return (DDI_INTR_UNCLAIMED);
1366 	}
1367 
1368 	ATH_HAL_GETISR(ah, &status);
1369 	status &= asc->asc_imask;
1370 	if (status & HAL_INT_FATAL) {
1371 		asc->asc_stats.ast_hardware++;
1372 		mutex_exit(&asc->asc_genlock);
1373 		goto reset;
1374 	} else if (status & HAL_INT_RXORN) {
1375 		asc->asc_stats.ast_rxorn++;
1376 		mutex_exit(&asc->asc_genlock);
1377 		goto reset;
1378 	} else {
1379 		if (status & HAL_INT_RXEOL) {
1380 			asc->asc_stats.ast_rxeol++;
1381 			asc->asc_rxlink = NULL;
1382 		}
1383 		if (status & HAL_INT_TXURN) {
1384 			asc->asc_stats.ast_txurn++;
1385 			ATH_HAL_UPDATETXTRIGLEVEL(ah, AH_TRUE);
1386 		}
1387 		if (status & HAL_INT_RX) {
1388 			asc->asc_rx_pend = 1;
1389 			ddi_trigger_softintr(asc->asc_softint_id);
1390 		}
1391 		if (status & HAL_INT_TX) {
1392 			ath_tx_handler(asc);
1393 		}
1394 
1395 		mutex_exit(&asc->asc_genlock);
1396 
1397 		if (status & HAL_INT_SWBA) {
1398 			/* This will occur only in Host-AP or Ad-Hoc mode */
1399 			return (DDI_INTR_CLAIMED);
1400 		}
1401 		if (status & HAL_INT_BMISS) {
1402 			mutex_enter(&isc->isc_genlock);
1403 			isc_state = isc->isc_state;
1404 			mutex_exit(&isc->isc_genlock);
1405 			if (isc_state == IEEE80211_S_RUN) {
1406 				(void) ieee80211_new_state(isc,
1407 				    IEEE80211_S_ASSOC, -1);
1408 			}
1409 		}
1410 	}
1411 
1412 	return (DDI_INTR_CLAIMED);
1413 reset:
1414 	mutex_enter(&isc->isc_genlock);
1415 	ath_reset(asc);
1416 	mutex_exit(&isc->isc_genlock);
1417 	return (DDI_INTR_CLAIMED);
1418 }
1419 
1420 static uint_t
1421 ath_softint_handler(caddr_t data)
1422 {
1423 	ath_t *asc = (ath_t *)data;
1424 
1425 	/*
1426 	 * Check if the soft interrupt is triggered by another
1427 	 * driver at the same level.
1428 	 */
1429 	mutex_enter(&asc->asc_genlock);
1430 	if (asc->asc_rx_pend) { /* Soft interrupt for this driver */
1431 		asc->asc_rx_pend = 0;
1432 		mutex_exit(&asc->asc_genlock);
1433 		ath_rx_handler((ath_t *)data);
1434 		return (DDI_INTR_CLAIMED);
1435 	}
1436 	mutex_exit(&asc->asc_genlock);
1437 	return (DDI_INTR_UNCLAIMED);
1438 }
1439 
1440 /*
1441  * following are gld callback routine
1442  * ath_gld_send, ath_gld_ioctl, ath_gld_gstat
1443  * are listed in other corresponding sections.
1444  * reset the hardware w/o losing operational state.  this is
1445  * basically a more efficient way of doing ath_gld_stop, ath_gld_start,
1446  * followed by state transitions to the current 802.11
1447  * operational state.  used to recover from errors rx overrun
1448  * and to reset the hardware when rf gain settings must be reset.
1449  */
1450 
1451 static int
1452 ath_gld_reset(gld_mac_info_t *gld_p)
1453 {
1454 	ath_t *asc = ATH_STATE(gld_p);
1455 
1456 	ath_reset(asc);
1457 	return (GLD_SUCCESS);
1458 }
1459 
1460 
1461 static int
1462 ath_gld_stop(gld_mac_info_t *gld_p)
1463 {
1464 	ath_t *asc = ATH_STATE(gld_p);
1465 	ieee80211com_t *isc = (ieee80211com_t *)asc;
1466 	struct ath_hal *ah = asc->asc_ah;
1467 
1468 	(void) _ieee80211_new_state(isc, IEEE80211_S_INIT, -1);
1469 	ATH_HAL_INTRSET(ah, 0);
1470 	ath_draintxq(asc);
1471 	if (! asc->asc_invalid)
1472 		ath_stoprecv(asc);
1473 	else
1474 		asc->asc_rxlink = NULL;
1475 	ATH_HAL_SETPOWER(ah, HAL_PM_FULL_SLEEP, 0);
1476 
1477 	asc->asc_invalid = 1;
1478 
1479 	return (GLD_SUCCESS);
1480 }
1481 
1482 int
1483 ath_gld_start(gld_mac_info_t *gld_p)
1484 {
1485 	int ret;
1486 	ath_t *asc = ATH_STATE(gld_p);
1487 	ieee80211com_t *isc = (ieee80211com_t *)asc;
1488 	struct ieee80211_node *in;
1489 	enum ieee80211_phymode mode;
1490 	struct ath_hal *ah = asc->asc_ah;
1491 	HAL_STATUS status;
1492 	HAL_CHANNEL hchan;
1493 
1494 	/*
1495 	 * Stop anything previously setup.  This is safe
1496 	 * whether this is the first time through or not.
1497 	 */
1498 	ret = ath_gld_stop(gld_p);
1499 	if (ret != GLD_SUCCESS)
1500 		return (ret);
1501 
1502 	/*
1503 	 * The basic interface to setting the hardware in a good
1504 	 * state is ``reset''.  On return the hardware is known to
1505 	 * be powered up and with interrupts disabled.  This must
1506 	 * be followed by initialization of the appropriate bits
1507 	 * and then setup of the interrupt mask.
1508 	 */
1509 	hchan.channel = isc->isc_ibss_chan->ich_freq;
1510 	hchan.channelFlags = ath_chan2flags(isc, isc->isc_ibss_chan);
1511 	if (!ATH_HAL_RESET(ah, (HAL_OPMODE)isc->isc_opmode,
1512 	    &hchan, AH_FALSE, &status)) {
1513 		ATH_DEBUG((ATH_DBG_HAL, "ath: ath_gld_start(): "
1514 		    "unable to reset hardware, hal status %u\n", status));
1515 		return (GLD_FAILURE);
1516 	}
1517 	/*
1518 	 * Setup the hardware after reset: the key cache
1519 	 * is filled as needed and the receive engine is
1520 	 * set going.  Frame transmit is handled entirely
1521 	 * in the frame output path; there's nothing to do
1522 	 * here except setup the interrupt mask.
1523 	 */
1524 	ath_initkeytable(asc);
1525 
1526 	if (ath_startrecv(asc))
1527 		return (GLD_FAILURE);
1528 
1529 	/*
1530 	 * Enable interrupts.
1531 	 */
1532 	asc->asc_imask = HAL_INT_RX | HAL_INT_TX
1533 	    | HAL_INT_RXEOL | HAL_INT_RXORN
1534 	    | HAL_INT_FATAL | HAL_INT_GLOBAL;
1535 	ATH_HAL_INTRSET(ah, asc->asc_imask);
1536 
1537 	isc->isc_state = IEEE80211_S_INIT;
1538 
1539 	/*
1540 	 * The hardware should be ready to go now so it's safe
1541 	 * to kick the 802.11 state machine as it's likely to
1542 	 * immediately call back to us to send mgmt frames.
1543 	 */
1544 	in = isc->isc_bss;
1545 	in->in_chan = isc->isc_ibss_chan;
1546 	mode = ieee80211_chan2mode(isc, in->in_chan);
1547 	if (mode != asc->asc_curmode)
1548 		ath_setcurmode(asc, mode);
1549 	asc->asc_invalid = 0;
1550 	return (GLD_SUCCESS);
1551 }
1552 
1553 
1554 static int32_t
1555 ath_gld_saddr(gld_mac_info_t *gld_p, unsigned char *macaddr)
1556 {
1557 	ath_t *asc = ATH_STATE(gld_p);
1558 	struct ath_hal *ah = asc->asc_ah;
1559 
1560 	ATH_DEBUG((ATH_DBG_GLD, "ath: ath_gld_saddr(): "
1561 	    "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
1562 	    macaddr[0], macaddr[1], macaddr[2],
1563 	    macaddr[3], macaddr[4], macaddr[5]));
1564 
1565 	IEEE80211_ADDR_COPY(asc->asc_isc.isc_macaddr, macaddr);
1566 	ATH_HAL_SETMAC(ah, asc->asc_isc.isc_macaddr);
1567 
1568 	ath_reset(asc);
1569 	return (GLD_SUCCESS);
1570 }
1571 
1572 static int
1573 ath_gld_set_promiscuous(gld_mac_info_t *macinfo, int mode)
1574 {
1575 	ath_t *asc = ATH_STATE(macinfo);
1576 	struct ath_hal *ah = asc->asc_ah;
1577 	uint32_t rfilt;
1578 
1579 	rfilt = ATH_HAL_GETRXFILTER(ah);
1580 	switch (mode) {
1581 	case GLD_MAC_PROMISC_PHYS:
1582 		ATH_HAL_SETRXFILTER(ah, rfilt | HAL_RX_FILTER_PROM);
1583 		break;
1584 	case GLD_MAC_PROMISC_MULTI:
1585 		rfilt |= HAL_RX_FILTER_MCAST;
1586 		rfilt &= ~HAL_RX_FILTER_PROM;
1587 		ATH_HAL_SETRXFILTER(ah, rfilt);
1588 		break;
1589 	case GLD_MAC_PROMISC_NONE:
1590 		ATH_HAL_SETRXFILTER(ah, rfilt & (~HAL_RX_FILTER_PROM));
1591 		break;
1592 	default:
1593 		break;
1594 	}
1595 
1596 	return (GLD_SUCCESS);
1597 }
1598 
1599 static int
1600 ath_gld_set_multicast(gld_mac_info_t *macinfo, uchar_t *mca, int flag)
1601 {
1602 	uint32_t mfilt[2], val, rfilt;
1603 	uint8_t pos;
1604 	ath_t *asc = ATH_STATE(macinfo);
1605 	struct ath_hal *ah = asc->asc_ah;
1606 
1607 	rfilt = ATH_HAL_GETRXFILTER(ah);
1608 
1609 	/* disable multicast */
1610 	if (flag == GLD_MULTI_DISABLE) {
1611 		ATH_HAL_SETRXFILTER(ah, rfilt & (~HAL_RX_FILTER_MCAST));
1612 		return (GLD_SUCCESS);
1613 	}
1614 
1615 	/* enable multicast */
1616 	ATH_HAL_SETRXFILTER(ah, rfilt | HAL_RX_FILTER_MCAST);
1617 
1618 	mfilt[0] = mfilt[1] = 0;
1619 
1620 	/* calculate XOR of eight 6bit values */
1621 	val = ATH_LE_READ_4(mca + 0);
1622 	pos = (val >> 18) ^ (val >> 12) ^ (val >> 6) ^ val;
1623 	val = ATH_LE_READ_4(mca + 3);
1624 	pos ^= (val >> 18) ^ (val >> 12) ^ (val >> 6) ^ val;
1625 	pos &= 0x3f;
1626 	mfilt[pos / 32] |= (1 << (pos % 32));
1627 	ATH_HAL_SETMCASTFILTER(ah, mfilt[0], mfilt[1]);
1628 
1629 	return (GLD_SUCCESS);
1630 }
1631 
1632 static void
1633 ath_wlan_ioctl(ath_t *asc, queue_t *wq, mblk_t *mp, uint32_t cmd)
1634 {
1635 
1636 	struct iocblk *iocp = (struct iocblk *)mp->b_rptr;
1637 	uint32_t len, ret;
1638 	mblk_t *mp1;
1639 
1640 	/* sanity check */
1641 	if (iocp->ioc_count == 0 || !(mp1 = mp->b_cont)) {
1642 		miocnak(wq, mp, 0, EINVAL);
1643 		return;
1644 	}
1645 
1646 	/* assuming single data block */
1647 	if (mp1->b_cont) {
1648 		freemsg(mp1->b_cont);
1649 		mp1->b_cont = NULL;
1650 	}
1651 
1652 	/* we will overwrite everything */
1653 	mp1->b_wptr = mp1->b_rptr;
1654 
1655 	ret = ath_getset(asc, mp1, cmd);
1656 
1657 	len = msgdsize(mp1);
1658 
1659 	miocack(wq, mp, len, ret);
1660 }
1661 
1662 static int
1663 ath_gld_ioctl(gld_mac_info_t *gld_p, queue_t *wq, mblk_t *mp)
1664 {
1665 	struct iocblk *iocp;
1666 	int32_t cmd, err;
1667 	ath_t *asc = ATH_STATE(gld_p);
1668 	boolean_t need_privilege;
1669 
1670 	/*
1671 	 * Validate the command before bothering with the mutexen ...
1672 	 */
1673 	iocp = (struct iocblk *)mp->b_rptr;
1674 	cmd = iocp->ioc_cmd;
1675 	need_privilege = B_TRUE;
1676 	switch (cmd) {
1677 	case WLAN_SET_PARAM:
1678 	case WLAN_COMMAND:
1679 		break;
1680 	case WLAN_GET_PARAM:
1681 		need_privilege = B_FALSE;
1682 		break;
1683 	default:
1684 		ATH_DEBUG((ATH_DBG_GLD, "ath: ath_gld_ioctl(): "
1685 		    "unknown cmd 0x%x", cmd));
1686 		miocnak(wq, mp, 0, EINVAL);
1687 		return (GLD_SUCCESS);
1688 	}
1689 
1690 	if (need_privilege) {
1691 		/*
1692 		 * Check for specific net_config privilege on Solaris 10+.
1693 		 * Otherwise just check for root access ...
1694 		 */
1695 		if (secpolicy_net_config != NULL)
1696 			err = secpolicy_net_config(iocp->ioc_cr, B_FALSE);
1697 		else
1698 			err = drv_priv(iocp->ioc_cr);
1699 		if (err != 0) {
1700 			miocnak(wq, mp, 0, err);
1701 			return (GLD_SUCCESS);
1702 		}
1703 	}
1704 
1705 	ath_wlan_ioctl(asc, wq, mp, cmd);
1706 	return (GLD_SUCCESS);
1707 }
1708 
1709 static int
1710 ath_gld_gstat(gld_mac_info_t *gld_p, struct gld_stats *glds_p)
1711 {
1712 	ath_t *asc = ATH_STATE(gld_p);
1713 	ieee80211com_t *isc = (ieee80211com_t *)asc;
1714 	struct ieee80211_node *in = isc->isc_bss;
1715 	struct ath_node *an = ATH_NODE(in);
1716 	struct ieee80211_rateset *rs = &in->in_rates;
1717 
1718 	glds_p->glds_crc	= asc->asc_stats.ast_rx_crcerr;
1719 	glds_p->glds_multircv	= 0;
1720 	glds_p->glds_multixmt	= 0;
1721 	glds_p->glds_excoll	= 0;
1722 	glds_p->glds_xmtretry	= an->an_tx_retr;
1723 	glds_p->glds_defer	= 0;
1724 	glds_p->glds_noxmtbuf	= asc->asc_stats.ast_tx_nobuf;
1725 	glds_p->glds_norcvbuf	= asc->asc_stats.ast_rx_fifoerr;
1726 	glds_p->glds_short	= asc->asc_stats.ast_rx_tooshort;
1727 	glds_p->glds_missed	= asc->asc_stats.ast_rx_badcrypt;
1728 	glds_p->glds_speed	= 1000000*(rs->ir_rates[in->in_txrate] &
1729 	    IEEE80211_RATE_VAL) / 2;
1730 	glds_p->glds_duplex	= GLD_DUPLEX_FULL;
1731 
1732 	return (GLD_SUCCESS);
1733 }
1734 
1735 static int
1736 ath_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
1737 {
1738 	ath_t *asc;
1739 	ieee80211com_t *isc;
1740 	struct ath_hal *ah;
1741 	uint8_t csz;
1742 	HAL_STATUS status;
1743 	caddr_t regs;
1744 	uint32_t i, val;
1745 	uint16_t vendor_id, device_id, command;
1746 	const char *athname;
1747 	int32_t ath_countrycode = CTRY_DEFAULT;	/* country code */
1748 	int32_t err, ath_regdomain = 0; /* regulatory domain */
1749 	char strbuf[32];
1750 
1751 	switch (cmd) {
1752 	case DDI_RESUME:
1753 		return (DDI_FAILURE);
1754 	case DDI_ATTACH:
1755 		break;
1756 	default:
1757 		return (DDI_FAILURE);
1758 	}
1759 
1760 	if (ddi_soft_state_zalloc(ath_soft_state_p,
1761 	    ddi_get_instance(devinfo)) != DDI_SUCCESS) {
1762 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1763 		    "Unable to alloc softstate\n"));
1764 		return (DDI_FAILURE);
1765 	}
1766 
1767 	asc = ddi_get_soft_state(ath_soft_state_p, ddi_get_instance(devinfo));
1768 	isc = (ieee80211com_t *)asc;
1769 	asc->asc_dev = devinfo;
1770 
1771 	ath_halfix_init();
1772 
1773 	mutex_init(&asc->asc_genlock, NULL, MUTEX_DRIVER, NULL);
1774 	mutex_init(&asc->asc_txbuflock, NULL, MUTEX_DRIVER, NULL);
1775 	mutex_init(&asc->asc_rxbuflock, NULL, MUTEX_DRIVER, NULL);
1776 	mutex_init(&asc->asc_gld_sched_lock, NULL, MUTEX_DRIVER, NULL);
1777 
1778 	err = pci_config_setup(devinfo, &asc->asc_cfg_handle);
1779 	if (err != DDI_SUCCESS) {
1780 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1781 		    "pci_config_setup() failed"));
1782 		goto attach_fail0;
1783 	}
1784 
1785 	csz = pci_config_get8(asc->asc_cfg_handle, PCI_CONF_CACHE_LINESZ);
1786 	asc->asc_cachelsz = csz << 2;
1787 	vendor_id = pci_config_get16(asc->asc_cfg_handle, PCI_CONF_VENID);
1788 	device_id = pci_config_get16(asc->asc_cfg_handle, PCI_CONF_DEVID);
1789 	ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): vendor 0x%x, "
1790 	    "device id 0x%x, cache size %d\n", vendor_id, device_id, csz));
1791 
1792 	athname = ath_hal_probe(vendor_id, device_id);
1793 	ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): athname: %s\n",
1794 	    athname ? athname : "Atheros ???"));
1795 
1796 	/*
1797 	 * Enable response to memory space accesses,
1798 	 * and enabe bus master.
1799 	 */
1800 	command = PCI_COMM_MAE | PCI_COMM_ME;
1801 	pci_config_put16(asc->asc_cfg_handle, PCI_CONF_COMM, command);
1802 	ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1803 	    "set command reg to 0x%x \n", command));
1804 
1805 	pci_config_put8(asc->asc_cfg_handle, PCI_CONF_LATENCY_TIMER, 0xa8);
1806 	val = pci_config_get32(asc->asc_cfg_handle, 0x40);
1807 	if ((val & 0x0000ff00) != 0)
1808 		pci_config_put32(asc->asc_cfg_handle, 0x40, val & 0xffff00ff);
1809 
1810 	err = ddi_regs_map_setup(devinfo, 1,
1811 	    &regs, 0, 0, &ath_reg_accattr, &asc->asc_io_handle);
1812 	ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1813 	    "regs map1 = %x err=%d\n", regs, err));
1814 	if (err != DDI_SUCCESS) {
1815 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1816 		    "ddi_regs_map_setup() failed"));
1817 		goto attach_fail1;
1818 	}
1819 
1820 	ah = ath_hal_attach(device_id, asc, 0, regs, &status);
1821 	if (ah == NULL) {
1822 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1823 		    "unable to attach hw; HAL status %u\n", status));
1824 		goto attach_fail2;
1825 	}
1826 	ATH_HAL_INTRSET(ah, 0);
1827 	asc->asc_ah = ah;
1828 
1829 	if (ah->ah_abi != HAL_ABI_VERSION) {
1830 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1831 		    "HAL ABI mismatch detected (0x%x != 0x%x)\n",
1832 		    ah->ah_abi, HAL_ABI_VERSION));
1833 		goto attach_fail3;
1834 	}
1835 
1836 	ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1837 	    "HAL ABI version 0x%x\n", ah->ah_abi));
1838 	ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1839 	    "HAL mac version %d.%d, phy version %d.%d\n",
1840 	    ah->ah_macVersion, ah->ah_macRev,
1841 	    ah->ah_phyRev >> 4, ah->ah_phyRev & 0xf));
1842 	if (ah->ah_analog5GhzRev)
1843 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1844 		    "HAL 5ghz radio version %d.%d\n",
1845 		    ah->ah_analog5GhzRev >> 4,
1846 		    ah->ah_analog5GhzRev & 0xf));
1847 	if (ah->ah_analog2GhzRev)
1848 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1849 		    "HAL 2ghz radio version %d.%d\n",
1850 		    ah->ah_analog2GhzRev >> 4,
1851 		    ah->ah_analog2GhzRev & 0xf));
1852 
1853 	/*
1854 	 * Check if the MAC has multi-rate retry support.
1855 	 * We do this by trying to setup a fake extended
1856 	 * descriptor.  MAC's that don't have support will
1857 	 * return false w/o doing anything.  MAC's that do
1858 	 * support it will return true w/o doing anything.
1859 	 */
1860 	asc->asc_mrretry = ATH_HAL_SETUPXTXDESC(ah, NULL, 0, 0, 0, 0, 0, 0);
1861 	ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1862 	    "multi rate retry support=%x\n",
1863 	    asc->asc_mrretry));
1864 
1865 	ATH_HAL_GETREGDOMAIN(ah, (uint32_t *)&ath_regdomain);
1866 	ATH_HAL_GETCOUNTRYCODE(ah, &ath_countrycode);
1867 	/*
1868 	 * Collect the channel list using the default country
1869 	 * code and including outdoor channels.  The 802.11 layer
1870 	 * is resposible for filtering this list to a set of
1871 	 * channels that it considers ok to use.
1872 	 */
1873 	asc->asc_have11g = 0;
1874 
1875 	/* enable outdoor use, enable extended channels */
1876 	err = ath_getchannels(asc, ath_countrycode, AH_FALSE, AH_TRUE);
1877 	if (err != 0)
1878 		goto attach_fail3;
1879 
1880 	/*
1881 	 * Setup rate tables for all potential media types.
1882 	 */
1883 	ath_rate_setup(asc, IEEE80211_MODE_11A);
1884 	ath_rate_setup(asc, IEEE80211_MODE_11B);
1885 	ath_rate_setup(asc, IEEE80211_MODE_11G);
1886 	ath_rate_setup(asc, IEEE80211_MODE_TURBO);
1887 
1888 	/* Setup here so ath_rate_update is happy */
1889 	ath_setcurmode(asc, IEEE80211_MODE_11A);
1890 
1891 	err = ath_desc_alloc(devinfo, asc);
1892 	if (err != DDI_SUCCESS) {
1893 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1894 		    "failed to allocate descriptors: %d\n", err));
1895 		goto attach_fail3;
1896 	}
1897 
1898 	/* Setup transmit queues in the HAL */
1899 	if (ath_txq_setup(asc))
1900 		goto attach_fail4;
1901 
1902 	ATH_HAL_GETMAC(ah, asc->asc_isc.isc_macaddr);
1903 
1904 	/* setup gld */
1905 	if ((isc->isc_dev = gld_mac_alloc(devinfo)) == NULL) {
1906 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1907 		"gld_mac_alloc = %p\n", (void *)isc->isc_dev));
1908 		goto attach_fail4;
1909 	}
1910 
1911 	/* pre initialize some variables for isc */
1912 	isc->isc_dev->gldm_private	= (caddr_t)asc;
1913 
1914 	isc->isc_gld_reset		= ath_gld_reset;
1915 	isc->isc_gld_start		= ath_gld_start;
1916 	isc->isc_gld_stop		= ath_gld_stop;
1917 	isc->isc_gld_saddr		= ath_gld_saddr;
1918 	isc->isc_gld_send		= ath_gld_send;
1919 	isc->isc_gld_set_promiscuous	= ath_gld_set_promiscuous;
1920 	isc->isc_gld_gstat		= ath_gld_gstat;
1921 	isc->isc_gld_ioctl		= ath_gld_ioctl;
1922 	isc->isc_gld_set_multicast	= ath_gld_set_multicast;
1923 	isc->isc_gld_intr		= ath_gld_intr;
1924 
1925 	isc->isc_mgmt_send = ath_mgmt_send;
1926 	isc->isc_new_state = ath_new_state;
1927 	isc->isc_phytype = IEEE80211_T_OFDM;
1928 	isc->isc_opmode = IEEE80211_M_STA;
1929 	isc->isc_caps = IEEE80211_C_WEP | IEEE80211_C_IBSS |
1930 	    IEEE80211_C_HOSTAP;
1931 	/* 11g support is identified when we fetch the channel set */
1932 	if (asc->asc_have11g)
1933 		isc->isc_caps |= IEEE80211_C_SHPREAMBLE;
1934 	isc->isc_node_alloc = ath_node_alloc;
1935 	isc->isc_node_free = ath_node_free;
1936 	isc->isc_node_copy = ath_node_copy;
1937 	isc->isc_rate_ctl = ath_rate_ctl;
1938 	isc->isc_calibrate = ath_calibrate;
1939 	(void) ieee80211_ifattach(isc->isc_dev);
1940 
1941 	isc->isc_dev->gldm_devinfo		= devinfo;
1942 	isc->isc_dev->gldm_vendor_addr		= asc->asc_isc.isc_macaddr;
1943 	isc->isc_dev->gldm_broadcast_addr	= ath_broadcast_addr;
1944 	isc->isc_dev->gldm_ident		= "Atheros driver";
1945 	isc->isc_dev->gldm_type			= DL_ETHER;
1946 	isc->isc_dev->gldm_minpkt		= 0;
1947 	isc->isc_dev->gldm_maxpkt		= 1500;
1948 	isc->isc_dev->gldm_addrlen		= ETHERADDRL;
1949 	isc->isc_dev->gldm_saplen		= -2;
1950 	isc->isc_dev->gldm_ppa			= ddi_get_instance(devinfo);
1951 
1952 	asc->asc_rx_pend = 0;
1953 	ATH_HAL_INTRSET(ah, 0);
1954 	err = ddi_add_softintr(devinfo, DDI_SOFTINT_LOW,
1955 	    &asc->asc_softint_id, NULL, 0, ath_softint_handler, (caddr_t)asc);
1956 	if (err != DDI_SUCCESS) {
1957 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1958 		    "ddi_add_softintr() failed"));
1959 		goto attach_fail5;
1960 	}
1961 
1962 	if (ddi_get_iblock_cookie(devinfo, 0, &asc->asc_iblock)
1963 	    != DDI_SUCCESS) {
1964 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1965 		    "Can not get iblock cookie for INT\n"));
1966 		goto attach_fail6;
1967 	}
1968 
1969 	if (ddi_add_intr(devinfo, 0, NULL, NULL, gld_intr,
1970 	    (caddr_t)asc->asc_isc.isc_dev) != DDI_SUCCESS) {
1971 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1972 		    "Can not set intr for ATH driver\n"));
1973 		goto attach_fail6;
1974 	}
1975 	isc->isc_dev->gldm_cookie = asc->asc_iblock;
1976 
1977 	if (err = gld_register(devinfo, "ath", isc->isc_dev)) {
1978 		ATH_DEBUG((ATH_DBG_ATTACH, "ath: ath_attach(): "
1979 		    "gld_register err %x\n", err));
1980 		goto attach_fail7;
1981 	}
1982 
1983 	/* Create minor node of type DDI_NT_NET_WIFI */
1984 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
1985 	    ATH_NODENAME, isc->isc_dev->gldm_ppa);
1986 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
1987 	    isc->isc_dev->gldm_ppa + 1, DDI_NT_NET_WIFI, 0);
1988 	if (err != DDI_SUCCESS)
1989 		ATH_DEBUG((ATH_DBG_ATTACH, "WARN: ath: ath_attach(): "
1990 		    "Create minor node failed - %d\n", err));
1991 
1992 	asc->asc_invalid = 1;
1993 	return (DDI_SUCCESS);
1994 attach_fail7:
1995 	ddi_remove_intr(devinfo, 0, asc->asc_iblock);
1996 attach_fail6:
1997 	ddi_remove_softintr(asc->asc_softint_id);
1998 attach_fail5:
1999 	gld_mac_free(isc->isc_dev);
2000 attach_fail4:
2001 	ath_desc_free(asc);
2002 attach_fail3:
2003 	ah->ah_detach(asc->asc_ah);
2004 attach_fail2:
2005 	ddi_regs_map_free(&asc->asc_io_handle);
2006 attach_fail1:
2007 	pci_config_teardown(&asc->asc_cfg_handle);
2008 attach_fail0:
2009 	asc->asc_invalid = 1;
2010 	mutex_destroy(&asc->asc_txbuflock);
2011 	for (i = 0; i < HAL_NUM_TX_QUEUES; i++) {
2012 		if (ATH_TXQ_SETUP(asc, i)) {
2013 			struct ath_txq *txq = &asc->asc_txq[i];
2014 			mutex_destroy(&txq->axq_lock);
2015 		}
2016 	}
2017 	mutex_destroy(&asc->asc_rxbuflock);
2018 	mutex_destroy(&asc->asc_genlock);
2019 	mutex_destroy(&asc->asc_gld_sched_lock);
2020 	ddi_soft_state_free(ath_soft_state_p, ddi_get_instance(devinfo));
2021 
2022 	return (DDI_FAILURE);
2023 }
2024 
2025 static int32_t
2026 ath_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
2027 {
2028 	ath_t *asc;
2029 	int32_t i;
2030 
2031 	asc = ddi_get_soft_state(ath_soft_state_p, ddi_get_instance(devinfo));
2032 	ASSERT(asc != NULL);
2033 
2034 	switch (cmd) {
2035 	default:
2036 		return (DDI_FAILURE);
2037 
2038 	case DDI_SUSPEND:
2039 		return (DDI_FAILURE);
2040 
2041 	case DDI_DETACH:
2042 		break;
2043 	}
2044 
2045 	ASSERT(asc->asc_isc.isc_mf_thread == NULL);
2046 
2047 	/* disable interrupts */
2048 	ATH_HAL_INTRSET(asc->asc_ah, 0);
2049 
2050 	/* free intterrupt resources */
2051 	ddi_remove_intr(devinfo, 0, asc->asc_iblock);
2052 	ddi_remove_softintr(asc->asc_softint_id);
2053 
2054 	/* detach 802.11 and Atheros HAL */
2055 	ieee80211_ifdetach(asc->asc_isc.isc_dev);
2056 	ath_desc_free(asc);
2057 	asc->asc_ah->ah_detach(asc->asc_ah);
2058 	ath_halfix_finit();
2059 
2060 	/* detach gld */
2061 	if (gld_unregister(asc->asc_isc.isc_dev) != 0)
2062 		return (DDI_FAILURE);
2063 	gld_mac_free(asc->asc_isc.isc_dev);
2064 
2065 	/* free io handle */
2066 	ddi_regs_map_free(&asc->asc_io_handle);
2067 	pci_config_teardown(&asc->asc_cfg_handle);
2068 
2069 	/* destroy locks */
2070 	mutex_destroy(&asc->asc_txbuflock);
2071 	for (i = 0; i < HAL_NUM_TX_QUEUES; i++) {
2072 		if (ATH_TXQ_SETUP(asc, i)) {
2073 			struct ath_txq *txq = &asc->asc_txq[i];
2074 			mutex_destroy(&txq->axq_lock);
2075 		}
2076 	}
2077 	mutex_destroy(&asc->asc_rxbuflock);
2078 	mutex_destroy(&asc->asc_genlock);
2079 	mutex_destroy(&asc->asc_gld_sched_lock);
2080 
2081 	ddi_remove_minor_node(devinfo, NULL);
2082 	ddi_soft_state_free(ath_soft_state_p, ddi_get_instance(devinfo));
2083 
2084 	return (DDI_SUCCESS);
2085 }
2086 
2087 static struct module_info ath_module_info = {
2088 	0,	/* ATH_IDNUM, */
2089 	"ath",	/* ATH_DRIVER_NAME, */
2090 	0,
2091 	INFPSZ,
2092 	4096,	/* ATH_HIWAT, */
2093 	128,	/* ATH_LOWAT */
2094 };
2095 
2096 static struct qinit ath_r_qinit = {	/* read queues */
2097 	NULL,
2098 	gld_rsrv,
2099 	gld_open,
2100 	gld_close,
2101 	NULL,
2102 	&ath_module_info,
2103 	NULL
2104 };
2105 
2106 static struct qinit ath_w_qinit = {	/* write queues */
2107 	gld_wput,
2108 	gld_wsrv,
2109 	NULL,
2110 	NULL,
2111 	NULL,
2112 	&ath_module_info,
2113 	NULL
2114 };
2115 
2116 static struct streamtab ath_streamtab = {
2117 	&ath_r_qinit,
2118 	&ath_w_qinit,
2119 	NULL,
2120 	NULL
2121 };
2122 
2123 static struct cb_ops ath_cb_ops = {
2124 	nulldev,		/* cb_open */
2125 	nulldev,		/* cb_close */
2126 	nodev,			/* cb_strategy */
2127 	nodev,			/* cb_print */
2128 	nodev,			/* cb_dump */
2129 	nodev,			/* cb_read */
2130 	nodev,			/* cb_write */
2131 	nodev,			/* cb_ioctl */
2132 	nodev,			/* cb_devmap */
2133 	nodev,			/* cb_mmap */
2134 	nodev,			/* cb_segmap */
2135 	nochpoll,		/* cb_chpoll */
2136 	ddi_prop_op,		/* cb_prop_op */
2137 	&ath_streamtab,		/* cb_stream */
2138 	D_MP,			/* cb_flag */
2139 	0,			/* cb_rev */
2140 	nodev,			/* cb_aread */
2141 	nodev			/* cb_awrite */
2142 };
2143 
2144 static struct dev_ops ath_dev_ops = {
2145 	DEVO_REV,		/* devo_rev */
2146 	0,			/* devo_refcnt */
2147 	gld_getinfo,		/* devo_getinfo */
2148 	nulldev,		/* devo_identify */
2149 	nulldev,		/* devo_probe */
2150 	ath_attach,		/* devo_attach */
2151 	ath_detach,		/* devo_detach */
2152 	nodev,			/* devo_reset */
2153 	&ath_cb_ops,		/* devo_cb_ops */
2154 	(struct bus_ops *)NULL,	/* devo_bus_ops */
2155 	NULL			/* devo_power */
2156 };
2157 
2158 static struct modldrv ath_modldrv = {
2159 	&mod_driverops,		/* Type of module.  This one is a driver */
2160 	"ath driver 1.1",	/* short description */
2161 	&ath_dev_ops		/* driver specific ops */
2162 };
2163 
2164 static struct modlinkage modlinkage = {
2165 	MODREV_1, (void *)&ath_modldrv, NULL
2166 };
2167 
2168 
2169 int
2170 _info(struct modinfo *modinfop)
2171 {
2172 	return (mod_info(&modlinkage, modinfop));
2173 }
2174 
2175 int
2176 _init(void)
2177 {
2178 	int status;
2179 
2180 	status = ddi_soft_state_init(&ath_soft_state_p, sizeof (ath_t), 1);
2181 	if (status != 0)
2182 		return (status);
2183 
2184 	mutex_init(&ath_loglock, NULL, MUTEX_DRIVER, NULL);
2185 	status = mod_install(&modlinkage);
2186 	if (status != 0) {
2187 		ddi_soft_state_fini(&ath_soft_state_p);
2188 		mutex_destroy(&ath_loglock);
2189 	}
2190 
2191 	return (status);
2192 }
2193 
2194 int
2195 _fini(void)
2196 {
2197 	int status;
2198 
2199 	status = mod_remove(&modlinkage);
2200 	if (status == 0) {
2201 		ddi_soft_state_fini(&ath_soft_state_p);
2202 		mutex_destroy(&ath_loglock);
2203 	}
2204 	return (status);
2205 }
2206